
DLP Network Monitor cannot detect Exchange 2007 mail incident

Created: 22 Jan 2014 | 3 comments
allenchung

Hello,

DLP Network Monitor cannot detect Exchange 2007 mail incidents.

Somebody said it is caused by Exchange TLS. Is it right?

How can I detect Exchange 2007 (or Exchange 2010 2013) mail content without disabling the TLS function?

Thanks a lot.


3 Comments

Leo_Cortes

Hi Allen,

Unfortunately, if the SMTP channel is encrypted, there is no way around it: you either disable TLS or install a Prevent email server and make it part of the TLS channel. A question I may ask the network and Exchange folks is whether there is a point in the mail flow where the SMTP traffic could be in the clear.

For example, a customer of mine had TLS enabled between their last MTA and MXLogic; however, the SMTP traffic between Exchange and that MTA was in the clear. It just happened that the segment of the network where the clear traffic passed was not being mirrored.

Explore that option and you may find a solution for your problem. Hope this helps.

-Leo
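
Added example, not part of the original thread: one way to look for a clear-text SMTP hop in the mail flow is to read the `Received` headers of a delivered test message and classify each hop. The sample message and all host names below are constructed, and the markers assume servers that follow RFC 3848 (`ESMTPS`) or stamp TLS hops the way Exchange does (`(TLS)` or `version=TLS...`).

```python
import email
import re

# Constructed sample: host names, addresses and ids are made up for illustration.
SAMPLE = """\
Received: from edge-mta.example.com (192.0.2.10) by filter.example.net
 (198.51.100.5) with ESMTPS id abc123; Wed, 22 Jan 2014 10:00:03 +0000
Received: from exch01.example.com (10.0.0.5) by edge-mta.example.com
 (10.0.0.9) with ESMTP id def456; Wed, 22 Jan 2014 10:00:02 +0000
Received: from exch01.example.com ([10.0.0.5]) by exch01.example.com
 ([10.0.0.5]) with mapi; Wed, 22 Jan 2014 10:00:01 +0000
From: a@example.com
To: b@example.org
Subject: test

body
"""

# RFC 3848 "with" keywords ending in S/SA (ESMTPS, ESMTPSA) mean STARTTLS was used.
# Exchange stamps TLS hops with "(TLS)" or "(version=TLS...)" after its server name.
TLS_MARKERS = re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?)\b|\(TLS\)|version=TLS", re.I)
SMTP_HOP = re.compile(r"\bwith\s+(?:E?SMTP|Microsoft SMTP Server)", re.I)
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I)


def classify_hops(raw_message):
    """Return (sender, receiver, state) per hop in transit order."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so reverse to get transit order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        m = HOP.search(text)
        sender, receiver = m.groups() if m else ("?", "?")
        if TLS_MARKERS.search(text):
            state = "tls"        # encrypted on the wire, a mirror port sees ciphertext
        elif SMTP_HOP.search(text):
            state = "clear"      # plain SMTP, candidate segment for Network Monitor
        else:
            state = "non-smtp"   # e.g. MAPI submission, not an SMTP hop
        hops.append((sender, receiver, state))
    return hops


def clear_hops(raw_message):
    """Hops whose SMTP content a mirrored port could inspect."""
    return [(s, r) for s, r, state in classify_hops(raw_message) if state == "clear"]
```

Each `Received` header is written by the receiving server, so rely only on the ones stamped by servers you operate.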

Thomas Fürling

We are reading the mails within Exchange (2010) and checking them against DLP Network Prevent Mail. In case of block remediation, we instruct Exchange to quarantine the mail. Besides external mails, this solution can also DLP internal mail traffic.

We are selling this solution "Exchange Mail Handler" as an add-on to Symantec's DLP DiM. If you are interested in this solution, please contact me at tfuerling@e3ag.ch

Rgds, Thomas